The bot is a secure password vault. You encrypt your password with your master password and store it in the bot. When you want to recall your password, you only need to enter your master password. The master password and passwords are not stored anywhere,
Start communication with SafeStorageBot bot in your Telegram, by clicking on the "Send Message" button.
The Telegram team announced the Saved Messages tab quite a while ago. Over time, my friends and I noticed that some of our passwords from services began to appear there as well, and “Saved Messages” is already being used as a password repository.
It’s quite convenient, but there are some disadvantages:
1. Passwords are not encrypted.
2. It is hard to search without tags, because there is other information
3. It’s inconvenient to associate the service with the password
4. You have to select when copying (which is not always convenient when there are special characters)
Solve this problem securely for passwords with a bot, before the release of Telegram WebApp was impossible with one bot(you can encrypt separately and send the result):
1. No client side(code that can be verified)
2. Send unencrypted passwords to server is unsafe
With the advantage of WebApp this can be done (the main thing is to think up and remember the master-password):
2. Send the encrypted password to the server (there we encrypt the password a couple more times to secure the database)
3. When we need a password, we request it and decrypt it using the master password on the client side
That’s how this bot came about.
How it works:
- You add a password with the title
- You enter the master password for encryption
- Send title + encrypted password to the server (master-password is never sent)
- On the server, encrypt the password a second time with the server master-password
- The entry is saved in the database
- You request the password
- The entry is retrieved from the database and decrypted with the server master-password
- Sent to the client side
- You see the decrypted password and can copy it
The client part of the application is posted in the repository:
With the command ‘/version’ you can always see the commit number of the client part of the application and see the code.
I have long thought about monetisation and after consulting with friends I settled on the option 3 passwords can always be stored, and for a donation of 3 euros a month you can store any number
Thank you for your attention!